diff options
| author | Christian Breunig <christian@breunig.cc> | 2024-07-25 15:40:32 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-07-25 15:40:32 +0200 |
| commit | 160a24d61d9adb108de9a210311ccd10a93f819f (patch) | |
| tree | d9b96aa6c2caf2c39d60a764b6c26a479dc72d60 /data/templates/ipsec/swanctl/peer.j2 | |
| parent | c73e89d7264f928db2ca44da1d885a96c125db48 (diff) | |
| parent | 9dc7e170d4eab2a76f373886d2f0b21d51dabeb5 (diff) | |
| download | vyos-1x-160a24d61d9adb108de9a210311ccd10a93f819f.tar.gz vyos-1x-160a24d61d9adb108de9a210311ccd10a93f819f.zip | |
Merge pull request #3843 from vyos/mergify/bp/sagitta/pr-3841
T6599: ipsec: support disabling rekey of CHILD_SA, converge and fix defaults (backport #3841)
Diffstat (limited to 'data/templates/ipsec/swanctl/peer.j2')
| -rw-r--r-- | data/templates/ipsec/swanctl/peer.j2 | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/data/templates/ipsec/swanctl/peer.j2 b/data/templates/ipsec/swanctl/peer.j2 index 58f0199fa..3a9af2c94 100644 --- a/data/templates/ipsec/swanctl/peer.j2 +++ b/data/templates/ipsec/swanctl/peer.j2 @@ -63,6 +63,11 @@ life_packets = {{ vti_esp.life_packets }} {% endif %} life_time = {{ vti_esp.lifetime }}s +{% if vti_esp.disable_rekey is vyos_defined %} + rekey_bytes = 0 + rekey_packets = 0 + rekey_time = 0s +{% endif %} local_ts = 0.0.0.0/0,::/0 remote_ts = 0.0.0.0/0,::/0 updown = "/etc/ipsec.d/vti-up-down {{ peer_conf.vti.bind }}" @@ -108,6 +113,11 @@ life_packets = {{ tunnel_esp.life_packets }} {% endif %} life_time = {{ tunnel_esp.lifetime }}s +{% if tunnel_esp.disable_rekey is vyos_defined %} + rekey_bytes = 0 + rekey_packets = 0 + rekey_time = 0s +{% endif %} {% if tunnel_esp.mode is not defined or tunnel_esp.mode == 'tunnel' %} {% if tunnel_conf.local.prefix is vyos_defined %} {% set local_prefix = tunnel_conf.local.prefix if 'any' not in tunnel_conf.local.prefix else ['0.0.0.0/0', '::/0'] %} |